National Defense provides authoritative, non-partisan coverage of business and technology trends in defense and homeland security. A highly regarded news source for defense professionals in government and industry, National Defense offers insight and analysis on defense programs, policy, business, science and technology. Special reports by expert journalists focus on defense budgets, military tactics, doctrine and strategy.

F-35 Logistics System Faces Challenges

The information technology backbone of Lockheed Martin’s F-35 joint strike fighter is its autonomic logistics information system, or ALIS. However, as the latest iteration of the system — known as version 3.0 — prepares to be rolled out later this year, one Pentagon agency has said the program faces risks.

Robert F. Behler, the Defense Department’s director of operational test and evaluation, said the system — which allows operators to plan, maintain and sustain the aircraft throughout its lifecycle — has cyber vulnerabilities, deficiencies and is at risk of schedule delays.

“ALIS is designed to bring efficiency to maintenance and flight operations, but it does not yet perform as intended due to several unresolved deficiencies,” he said in the fiscal year 2017 DOT&E annual report which was released in January.

In 2017, the joint strike fighter operational test team, or JOTT, conducted two evaluations of ALIS version 2.0.2.4 to include the cooperative vulnerability and penetration assessment and the adversarial assessment.

The testing included all three components of the system: the autonomic logistics operating unit, which serves as the collection point and hub for global F-35 logistics data; the central point of entry, the component that collects and stages data distributed to and from the field; and the squadron kit, an operational component at the field units, according to the report.

“Cybersecurity testing in 2017 showed that some of the vulnerabilities identified during earlier testing periods still had not been remedied,” the report said. “More testing is needed to assess the cybersecurity structure of the air vehicle and supporting logistics infrastructure system … and to determine whether, and to what extent, vulnerabilities may have led to compromises of F-35 data.”

According to the report, not all of the testing associated with the adversarial assessment was completed due to circumstances out of the JOTT’s control. The team planned to reschedule those tests for 2018, it noted.

“The program should fully complete end-to-end cybersecurity testing on all three levels of ALIS for each of the planned updates to ALIS software,” the DOT&E report said.

When asked about the report’s findings, Reeves Valentine, vice president for F-35 logistics at Lockheed Martin, said ALIS’ cyber protections were sound.

“We believe our cybersecurity is very good,” he said in an interview. “We’ll continue to adapt to threats and continue to upgrade and make changes to cybersecurity to ensure that the war-fighter is protected.”

It may be hard for Lockheed Martin to ever fully resolve ALIS’ cyber vulnerabilities, said Andrew Hunter, director of the Defense-Industrial Initiatives Group at the Center for Strategic and International Studies.

“We’d be kidding ourselves if we thought we were likely to create a foolproof system, but the key thing will be to ensure that — to the extent there are breaches of the system — they aren’t OPM-hack-style mega disasters where a single breach can expose everything in the system,” he said, referring to a 2015 cyber breach at the Office of Personnel Management that exposed personal data of more than 4 million current and former federal government employees.

ALIS will be an attractive target to potential adversaries before, during and after conflicts, he said. “You absolutely have to anticipate that it’s going to be attempted. It’s going to be gone after aggressively,” Hunter said. “There is still a long way to go to make ALIS a system that we can have full confidence in.”

Ensuring that ALIS is robust and resilient is something that Lockheed needs to work on. It will need to be hardy enough that it can recover rapidly from a cyber breach, should that happen, he noted.

It’s important for it to not be down for an extended period of time because it is critical for F-35 maintainers, he said.

However, “maintainers will still be able to maintain the aircraft even if there are some [minor] issues with penetration of the system,” Hunter said.

The DOT&E report identified other issues with ALIS.

“Most capabilities function as intended only with a high level of manual effort by ALIS administrators and maintenance personnel,” the report said. “Manual work-arounds are often needed to complete tasks designed to be automated.”

Additionally, the system’s configuration management of its software and data products remains complex and time consuming, it noted.

The program also faces risk of schedule slippage, the DOT&E report found.

“Version 3.0 is necessary to provide full combat capability. However, the program will likely not field ALIS 3.0 until early 2018 due to delays with ALIS 2.0.2.4,” the report said.

According to Valentine, Lockheed plans to have 3.0 rolled out by the third quarter of fiscal year 2018.

“Development, … system integration and its formal testing were all accomplished either on or ahead of schedule,” he said.

Flight testing wrapped up in January and the company is taking steps to begin operating ALIS in support of initial operational test and evaluation, he noted.

The ALIS update does not go onto the F-35 themselves, but rather the ground support system, he noted.

“It’s not anything that we load onto the mission system of the aircraft,” he said. To update the system, Lockheed sends personnel to each of the host bases and upgrades the ALIS hardware.

“Specifically, each squadron has what they call a standard operating unit, and it’s a system of servers that hold all the squadron information,” he said. “There is a classified and unclassified SOU, and so it is us upgrading the software on each of those.”

The F-35’s international partners will also receive the 3.0 update later this year, he added.

“There are a few really great user-friendly updates that really enhance the capabilities,” he said.

One includes reducing the time it takes to download data from the F-35 into ALIS, he said. After each sortie, maintainers on the ground download that information into the ALIS system, which then completes a readiness check and crunches data.

“The faster that data can be adjusted and calculated within ALIS, the faster that they’ll get the information they need to be able to turn the jet for another sortie,” he said.

Another update will be for ALIS’ training and management system, or TMS, he noted.

“All of the pilot and maintainers’ training records are housed within ALIS related to TMS,” he said. “This new version of the training management system adds a lot more flexibility for the war-
fighter to adjust training plans and adjust their training records, which is a big enhancement.”

Version 3.0 will also reduce non-actionable work orders by more than 50 percent, Valentine said. “This is just lowering the workload of maintainers and … allowing them to focus on needed maintenance,” he said.

There will also be more than 350 software fixes, he added.

Version 4.0 is currently in its development phase. The DOT&E report said it was scheduled to be released in late 2018 and was at high risk of schedule slippage.

Amy Gowder, vice president and general manager of Lockheed Martin training and logistics solutions, said the system may not even be released in 2019.

“That is right now, frankly, in discussion,” she said during a media event in Orlando, Florida. “As you develop a system over 10 years, processes change [and] user priorities change. … There are certainly some priorities that we’re discussing across the international partners that may change the look and feel of 4.0, and we may get a couple of different releases.”

Additionally, DOT&E noted that some capabilities that were originally slated for version 3.0 had been moved to the 4.0 upgrade, though it did not mention specific items.

Valentine said this revised plan was discussed jointly with the F-35 joint program office and the company has been operating off of it for more than 18 months.

“I don’t think anything that the DOT&E report stated regarding moving capability into 4.0 is new news,” he said.

Moving some capabilities from 3.0 to 4.0 is not necessarily a bad thing, Hunter said.

“The acquisition system occasionally gets really wrapped up around following plans and any deviation from a plan is failure,” he said. “What we see in kind of innovative sectors of the commercial world is deviation from plan is not failure. Deviation from plan is accepting reality, it’s taking the wins that you can get and deferring the wins that you need more time to get.”

However, overall, it would appear that the system is not where it should be, he said.

“I would not characterize ALIS as being on track at this current point in time,” he said. “The versions of ALIS that have actually been sent to be used by the Marines and by Air Force maintainers and operators are functional but they don’t have the full capability that … the overall system is really designed to have when it’s fully operational.”

But that doesn’t mean that F-35 squadrons are suffering, he added.

“ALIS is probably … behind more than most of the rest of the program, but I don’t think … at this point you could say, ‘Hey, there is a task that these operational units really need to be doing that they can’t do today because of where ALIS is,’” he said.

Related Articles

Comments (0)

Name *

Email *

Comment *

Please enter the text displayed in the image.

Characters *

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.